× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 67c13df5d4169b6c95c48fb149f8b8cd11dd3b045a51d4f12e0397ccd7e2384a
File name: payload_1.exe
Detection ratio: 18 / 64
Analysis date: 2018-07-02 12:14:01 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.C2592309 20180702
Antiy-AVL Trojan[Backdoor]/Win32.Mokes 20180702
AVG FileRepMalware 20180702
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180702
Bkav W32.eHeur.Malware14 20180702
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Jiangmin Backdoor.Mokes.ge 20180702
Kaspersky UDS:DangerousObject.Multi.Generic 20180702
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20180702
Microsoft Trojan:Win32/Fuerboos.A!cl 20180702
Panda Trj/Genetic.gen 20180702
Qihoo-360 HEUR/QVM19.1.3BE7.Malware.Gen 20180702
Symantec ML.Attribute.HighConfidence 20180702
Webroot W32.Trojan.Gen 20180702
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180702
Ad-Aware 20180702
AegisLab 20180702
ALYac 20180702
Arcabit 20180702
Avast 20180702
Avast-Mobile 20180702
Avira (no cloud) 20180702
AVware 20180702
BitDefender 20180702
CAT-QuickHeal 20180701
ClamAV 20180702
CMC 20180702
Comodo 20180702
Cybereason 20180225
Cyren 20180702
DrWeb 20180702
eGambit 20180702
Emsisoft 20180702
ESET-NOD32 20180702
F-Prot 20180702
F-Secure 20180702
Fortinet 20180702
GData 20180702
Ikarus 20180702
K7AntiVirus 20180702
K7GW 20180702
Kingsoft 20180702
Malwarebytes 20180702
MAX 20180702
McAfee 20180702
eScan 20180702
NANO-Antivirus 20180702
Palo Alto Networks (Known Signatures) 20180702
SentinelOne (Static ML) 20180701
Sophos AV 20180702
SUPERAntiSpyware 20180702
TACHYON 20180702
Tencent 20180702
TheHacker 20180628
TotalDefense 20180702
Trustlook 20180702
VBA32 20180629
VIPRE 20180702
ViRobot 20180702
Yandex 20180702
Zillya 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x00002355
Number of sections 4
PE sections
PE imports
CADeleteCA
CAEnumNextCA
CACloseCertType
CACloseCA
InterlockedDecrement
CreateJobObjectA
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
lstrlenW
GetLocalTime
LoadLibraryExA
GetPrivateProfileStringA
TlsGetValue
GetConsoleTitleA
GetProcAddress
OpenMutexA
GlobalAddAtomW
FindNextFileW
FindResourceExW
CloseHandle
GetTempFileNameA
ReadConsoleA
CreateProcessA
GetLogicalDriveStringsA
GetLongPathNameA
FormatMessageA
CreateFileA
InsertMenuA
LoadImageW
LoadIconA
GetClassLongW
GetWindow
GetPropW
CharUpperW
LoadMenuW
MessageBoxA
GetMessageW
FindWindowA
DrawStateW
CharToOemA
LoadBitmapA
GetDlgItemTextW
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:04:17 20:24:07+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
54272

LinkerVersion
7.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x2355

InitializedDataSize
54272

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 1edf62a3c0e2e0f6c745ed34c5550d62
SHA1 061c0f52aea0d316b7d17a143f682ea49936ba06
SHA256 67c13df5d4169b6c95c48fb149f8b8cd11dd3b045a51d4f12e0397ccd7e2384a
ssdeep
1536:fnbYLcf0em8AY6hZ2ReM/z6tZfpeRRfTmofN:eeyY6Ws6YZEPTmoF

authentihash 67bd879b05b2388f4b86725bf5fa114a67630fdad68fbb05f65dcb467cd874b7
imphash 324d880ff6c41370ac1dd8774593749b
File size 107.0 KB ( 109568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-02 12:14:01 UTC ( 10 months, 3 weeks ago )
Last submission 2018-07-02 17:29:35 UTC ( 10 months, 3 weeks ago )
File names chr.exe
chr.exe
payload_1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened mutexes
Runtime DLLs